1. Technical Field
This disclosure relates generally to mobile device security and, in particular, to resetting passwords on a device that has been stolen or otherwise compromised.
2. Background of the Related Art
Mobile devices, such as smartphones and tablets, are in widespread use among consumers. The use of state-of-the-art processors, memory, multi-touch display screens, and the like in these devices enables support of a large number of mobile applications. These devices also support web browsing software.
Users of mobile devices typically save user names and passwords on their devices to avoid having to retype the password each time they enter a user account. This is due to the form factor of the device. On bringing up any of the corresponding applications or web pages, e.g., a credit card account, the user name and password are typically auto-filled from memory. When a mobile device is stolen and unlocked, however, a thief can recover from the device those user name/password combinations, thereby exposing the user's personal information. This may happen quickly, where an unlocked phone is taken from the owner; moreover, even if the device includes an automatic screen locking function, a more sophisticated thief may have the ability to unlock the phone and still recover the user's sensitive data. In addition, where users have many user name/password combinations on their device, it may prove difficult to act on all the related accounts quickly, e.g., to reset the password(s) or disable the account. This creates significant security vulnerabilities.
It is known in the prior art to implement a master password on a device to encrypt all other passwords. Thus, a thief cannot access any of the passwords on the device unless the phone is unlocked with the master password. While this approach does provide for security, it defeats the purpose of using auto-fill on the device, and thus many users do not like to use it. In addition, where a device is unlocked and stolen, a thief may use cracking software to decrypt the master password, thereby exposing all sensitive data.
Another approach is to disable the phone or delete all of its data upon theft. In particular, some organizations require their users to install software on the device that will delete all data upon receipt at the device of a message. The problem with this approach is that there are times when the user is unsure if the device is stolen or, rather, simply misplaced (to be later found).
There remains a need to provide enhanced security techniques for password and other data protection on mobile devices.